From e9df627edc3b003a45f3dc483a4c8b38e166da49 Mon Sep 17 00:00:00 2001
From: Paddy Carver
Date: Thu, 17 Jan 2019 13:20:10 -0800
Subject: [PATCH 1/3] [Terraform] Keep SSL certificate keys out of state.

This updates the SSL certificate keys property to use a custom flatten function, setting it to a hashed value of the key. It also adds a diffSuppressFunc to check the config against the hash.
---
 products/compute/terraform.yaml | 2 ++
 templates/terraform/custom_flatten/always_empty.erb | 3 +++
 third_party/terraform/utils/utils.go | 8 ++++++++
 3 files changed, 13 insertions(+)
 create mode 100644 templates/terraform/custom_flatten/always_empty.erb

diff --git a/products/compute/terraform.yaml b/products/compute/terraform.yaml
index cd745fbf24e5..ad6a2b2e5ae9 100644
--- a/products/compute/terraform.yaml
+++ b/products/compute/terraform.yaml
@@ -768,6 +768,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 privateKey: !ruby/object:Overrides::Terraform::PropertyOverride
 sensitive: true
 ignore_read: true
+ custom_flatten: 'templates/terraform/custom_flatten/always_empty.erb'
+ diff_suppress_func: 'emptyStateDiffSuppress'
 SslPolicy: !ruby/object:Overrides::Terraform::ResourceOverride
 examples:
 - !ruby/object:Provider::Terraform::Examples
diff --git a/templates/terraform/custom_flatten/always_empty.erb b/templates/terraform/custom_flatten/always_empty.erb
new file mode 100644
index 000000000000..8bd2ef1117c0
--- /dev/null
+++ b/templates/terraform/custom_flatten/always_empty.erb
@@ -0,0 +1,3 @@
+func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d *schema.ResourceData) interface{} {
+ return hex.EncodeToString(sha256.New().Sum([]byte(v.(string))))
+}
diff --git a/third_party/terraform/utils/utils.go b/third_party/terraform/utils/utils.go
index 2ada16b09791..0f0f363048ee 100644
--- a/third_party/terraform/utils/utils.go
+++ b/third_party/terraform/utils/utils.go
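Review bot: The flatten template added as `templates/terraform/custom_flatten/always_empty.erb` does not hash the key: `sha256.New().Sum(b)` appends the digest of the hasher's empty state to `b`, so the value returned for state is the hex encoding of the whole private key plus a constant 32-byte suffix, which is trivially reversible. Hash the input itself, `sum := sha256.Sum256([]byte(v.(string)))` then `return hex.EncodeToString(sum[:])`. The unchecked `v.(string)` assertion also panics on a nil or non-string value, so a `s, ok := v.(string)` guard that returns an empty value would be safer. The same `Sum` misuse is in the diff-suppress helper added to `third_party/terraform/utils/utils.go` in this patch and left untouched by patches 2/3 and 3/3.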
@@ -3,6 +3,8 @@
 package google
 
 import (
+ "crypto/sha256"
+ "encoding/hex"
 "fmt"
 "log"
 "strings"
@@ -179,6 +181,12 @@ func ipCidrRangeDiffSuppress(k, old, new string, d *schema.ResourceData) bool {
 return false
 }
 
+// sha256DiffSuppress
+// if old is the hex-encoded sha256 sum of new, treat them as equal
+func alwaysDiffSuppress(_, old, new string, _ *schema.ResourceData) bool {
+ return hex.EncodeToString(sha256.New().Sum([]byte(old))) == new
+}
+
 func caseDiffSuppress(_, old, new string, _ *schema.ResourceData) bool {
 return strings.ToUpper(old) == strings.ToUpper(new)
 }

From 83761f7b9df26b42d9e4f0bc46b0adf110ce77bc Mon Sep 17 00:00:00 2001
From: Paddy Carver
Date: Thu, 31 Jan 2019 18:23:23 -0800
Subject: [PATCH 2/3] Fix function naming.

---
 products/compute/terraform.yaml | 2 +-
 third_party/terraform/utils/utils.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/products/compute/terraform.yaml b/products/compute/terraform.yaml
index ad6a2b2e5ae9..eb62eac28b49 100644
--- a/products/compute/terraform.yaml
+++ b/products/compute/terraform.yaml
@@ -769,7 +769,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 sensitive: true
 ignore_read: true
 custom_flatten: 'templates/terraform/custom_flatten/always_empty.erb'
- diff_suppress_func: 'emptyStateDiffSuppress'
+ diff_suppress_func: 'sha256DiffSuppress'
 SslPolicy: !ruby/object:Overrides::Terraform::ResourceOverride
 examples:
 - !ruby/object:Provider::Terraform::Examples
diff --git a/third_party/terraform/utils/utils.go b/third_party/terraform/utils/utils.go
index 0f0f363048ee..678833500046 100644
--- a/third_party/terraform/utils/utils.go
+++ b/third_party/terraform/utils/utils.go
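Review bot: The comparison in the added `alwaysDiffSuppress` runs opposite to its own comment, which says `old` is the hash of `new`, while the code transforms `old` and compares the result with `new`. In a diff-suppress callback `old` is the stored state value and `new` the configured one, so with a digest in state the check should be `sum := sha256.Sum256([]byte(new))` followed by `return hex.EncodeToString(sum[:]) == old`. Note that `sha256.New().Sum(b)` appends an empty-input digest to `b` rather than hashing it, so the expression has to change in any case; as written the two sides will presumably never match and the field will show a permanent diff. Patch 2/3 renames the function to `sha256DiffSuppress` but keeps this body.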
@@ -183,7 +183,7 @@ func ipCidrRangeDiffSuppress(k, old, new string, d *schema.ResourceData) bool {
 
 // sha256DiffSuppress
 // if old is the hex-encoded sha256 sum of new, treat them as equal
-func alwaysDiffSuppress(_, old, new string, _ *schema.ResourceData) bool {
+func sha256DiffSuppress(_, old, new string, _ *schema.ResourceData) bool {
 return hex.EncodeToString(sha256.New().Sum([]byte(old))) == new
 }
 
From a2371f99995b1d92ceec48b16aacad91a13e5062 Mon Sep 17 00:00:00 2001
From: Paddy Carver
Date: Thu, 31 Jan 2019 18:33:02 -0800
Subject: [PATCH 3/3] Fix file naming.

---
 products/compute/terraform.yaml | 2 +-
 .../terraform/custom_flatten/{always_empty.erb => sha256.erb} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename templates/terraform/custom_flatten/{always_empty.erb => sha256.erb} (100%)

diff --git a/products/compute/terraform.yaml b/products/compute/terraform.yaml
index eb62eac28b49..13397e841fda 100644
--- a/products/compute/terraform.yaml
+++ b/products/compute/terraform.yaml
@@ -768,7 +768,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 privateKey: !ruby/object:Overrides::Terraform::PropertyOverride
 sensitive: true
 ignore_read: true
- custom_flatten: 'templates/terraform/custom_flatten/always_empty.erb'
+ custom_flatten: 'templates/terraform/custom_flatten/sha256.erb'
 diff_suppress_func: 'sha256DiffSuppress'
 SslPolicy: !ruby/object:Overrides::Terraform::ResourceOverride
 examples:
diff --git a/templates/terraform/custom_flatten/always_empty.erb b/templates/terraform/custom_flatten/sha256.erb
similarity index 100%
rename from templates/terraform/custom_flatten/always_empty.erb
rename to templates/terraform/custom_flatten/sha256.erb